QUIET='n'
SIMULATE='n'
-VERSION="3.3"
+VERSION="4.1"
# console colors:
RED=""
declare -A NEW_IMAP_SERVERS=()
NEW_IMAP_SERVERS['prd']="prd-imap01.pixelpark.com"
NEW_IMAP_SERVERS['test']="prd-imap01.pixelpark.com"
-NEW_IMAP_SERVERS['dev']="idev-imap01.pixelpark.com"
+NEW_IMAP_SERVERS['dev']="dev-imap01.pixelpark.com"
NEW_IMAP_SERVER="${NEW_IMAP_SERVERS['prd']}"
local ldif_file=
for ldif_file in "${ldif_dir}"/*.ldif ; do
- add_additional_entry "${ldif_file}"
+ if [[ -f "${ldif_file}" ]] ; then
+ add_additional_entry "${ldif_file}"
+ fi
+ done
+
+}
+
+#------------------------------------------------
+apply_acl() {
+
+ local dn="$1"
+ local acl_name="$2"
+ local acl="$3"
+
+ local cmd=
+ local value=
+
+ debug "Checking for acl '${CYAN}${acl_name}${NORMAL}' of entry '${CYAN}${dn}${NORMAL}' ..."
+
+ cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' -s base "
+ cmd+="-b \"${dn}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
+ cmd+="'(aci=*\"${acl_name}\"*)' aci | grep -i '^aci:'"
+ debug "Executing: ${cmd}"
+ value=$( eval ${cmd} || true )
+
+ if [[ -n "${value}" ]] ; then
+ warn "ACI '${YELLOW}${acl_name}${NORMAL}' already exists in entry '${CYAN}${dn}${NORMAL}'."
+ return 0
+ fi
+
+ info "Applying ACI '${CYAN}${acl_name}${NORMAL}' to entry '${CYAN}${dn}${NORMAL}': ${acl}"
+
+ cat > "${LDIF_FILE}" <<-EOF
+ dn: ${dn}
+ changetype: modify
+ add: aci
+ aci: ${acl}
+ -
+ EOF
+ if [[ "${VERBOSE}" == "y" ]] ; then
+ debug "Resulting LDIF:"
+ cat "${LDIF_FILE}"
+ fi
+
+ cmd="ldapmodify -H \"${LDAP_URL}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\""
+ cmd+=" -f \"$( readlink -f "${LDIF_FILE}" )\""
+ debug "Executing: ${cmd}"
+ if [[ "${SIMULATE}" != "y" ]] ; then
+ eval $cmd
+ fi
+ debug "Done."
+}
+
+#------------------------------------------------
+add_acis_from_file() {
+
+ local aci_file="$1"
+
+ local cmd=
+ local value=
+
+ empty_line
+ local dn=$( basename "${aci_file}" | sed -e 's/^[0-9][0-9]*\.//' -e 's/\.txt//i' )
+
+ info "Adding ACIs for entry '${CYAN}${dn}${NORMAL}' from file '${aci_file}' ..."
+
+ debug "Checking for entry '${CYAN}${dn}${NORMAL}' ..."
+ cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' -s base "
+ cmd+="-b \"${dn}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
+ cmd+="\"(objectClass=*)\" dn | grep -i '^dn:'"
+ debug "Executing: ${cmd}"
+ value=$( eval ${cmd} || true )
+
+ if [[ -z "${value}" ]] ; then
+ warn "Entry '${YELLOW}${dn}${NORMAL}' does not exists."
+ return 0
+ fi
+ debug "Entry '${CYAN}${dn}${NORMAL}' is existing."
+
+ local acl_name=
+ local acl=
+ local line=
+
+ local oifs="${IFS}"
+
+ local -a acl_names=()
+ local -A acls=()
+
+ IFS="
+"
+
+ for line in $( cat "${aci_file}" | grep -vP '^\s*(#|$)' ) ; do
+ acl_name=$( echo "${line}" | sed -e 's/[ ]*:.*//' -e 's/^[ ]*//' )
+ acl=$( echo "${line}" | sed -E -e 's/^[^:]+[ ]*:[ ]*//' )
+ if [[ -n "${acl_name}" && -n "${acl}" ]] ; then
+ acl=$( printf "${acl}" "${acl_name}" )
+ debug "Applying ACI '${CYAN}${acl_name}${NORMAL}': ${acl}"
+ acl_names+=( "${acl_name}" )
+ acls[${acl_name}]="${acl}"
+ fi
+ done
+
+ IFS="${oifs}"
+
+ for acl_name in "${acl_names[@]}" ; do
+ acl="${acls[${acl_name}]}"
+ apply_acl "${dn}" "${acl_name}" "${acl}"
+ done
+
+}
+
+#------------------------------------------------
+adding_acis() {
+
+ empty_line
+ draw_line
+ info "Adding ${CYAN}ACIs${NORMAL} (access control item) ..."
+
+ local aci_dir="etc/aci"
+
+ if [[ ! -d "${aci_dir}" ]] ; then
+ error "Directory for additional ACI definitions '${RED}${aci_dir}${NORMAL}' not found."
+ exit 8
+ fi
+
+ local aci_file=
+
+ for aci_file in "${aci_dir}"/[0-9][0-9][0-9].*.txt ; do
+ if [[ -f "${aci_file}" ]] ; then
+ add_acis_from_file "${aci_file}"
+ fi
done
}
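Review bot: In `apply_acl` and `add_acis_from_file` the ldapsearch/ldapmodify commands are built as strings and run through `eval`, with `dn` derived from a file name under `etc/aci` and `acl_name` read from the file's contents, so any quote, `$(…)` or backtick in those values is parsed by the shell a second time. Building each command as an array and running `"${cmd[@]}"` removes that second parse and still allows the "Executing:" debug line via `printf '%q '`; the sketch below shows `apply_acl`, and the entry-existence search in `add_acis_from_file` needs the same treatment. `printf "${acl}" "${acl_name}"` also uses a line from the ACI file as the format string, so a stray `%` or backslash in an ACI changes what gets written to LDAP; substituting a fixed placeholder would treat the line as data. Separately, `|| true` makes a failed bind or connection indistinguishable from "entry does not exist", so ACIs can be skipped with only a warning and a zero exit status. The loop at the top of the hunk belongs to a function that starts outside it.

```shell
apply_acl() {
    # … unchanged: locals dn, acl_name, acl, value and the "Checking for acl" debug line …
    local -a cmd=(
        ldapsearch -x -LLL -o ldif-wrap=no -H "${LDAP_URL}" -s base
        -b "${dn}" -D "${LDAP_USR}" -y "${LDAP_PWD_FILE}"
        "(aci=*\"${acl_name}\"*)" aci
    )
    debug "Executing: $( printf '%q ' "${cmd[@]}" )"
    value=$( "${cmd[@]}" | grep -i '^aci:' || true )
    # … unchanged: already-exists check, LDIF heredoc, verbose dump of the LDIF …
    cmd=(
        ldapmodify -H "${LDAP_URL}" -x -D "${LDAP_USR}" -y "${LDAP_PWD_FILE}"
        -f "$( readlink -f "${LDIF_FILE}" )"
    )
    debug "Executing: $( printf '%q ' "${cmd[@]}" )"
    if [[ "${SIMULATE}" != "y" ]] ; then
        "${cmd[@]}"
    fi
    # … unchanged: "Done." debug line …
}
```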
cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
cmd+="-b \"${dn}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
cmd+="\"(objectClass=*)\" dn | grep -i '^dn:'"
- # debug "Executing: ${cmd}"
+ debug "Executing: ${cmd}"
value=$( eval ${cmd} || true )
if [[ -n "${value}" ]] ; then
uidNumber: ${max_uid}
EOF
+ if [[ "${VERBOSE}" == "y" ]] ; then
+ debug "Resulting LDIF:"
+ cat "${LDIF_FILE}"
+ fi
cmd="ldapadd -H \"${LDAP_URL}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\""
cmd+=" -f \"${LDIF_FILE}\""
cmd="ldapsearch -x -LLL -o ldif-wrap=no -H '${LDAP_URL}' "
cmd+="-b \"${dn}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\" "
cmd+="\"(objectClass=*)\" dn | grep -i '^dn:'"
- # debug "Executing: ${cmd}"
+ debug "Executing: ${cmd}"
value=$( eval ${cmd} || true )
if [[ -n "${value}" ]] ; then
uidNumber: ${max_gid}
EOF
+ if [[ "${VERBOSE}" == "y" ]] ; then
+ debug "Resulting LDIF:"
+ cat "${LDIF_FILE}"
+ fi
cmd="ldapadd -H \"${LDAP_URL}\" -x -D \"${LDAP_USR}\" -y \"${LDAP_PWD_FILE}\""
cmd+=" -f \"${LDIF_FILE}\""
update_all_mailhosts
update_all_public_sshkeys
adding_additional_entries
+ adding_acis
add_id_pools
empty_line